[Pkg-openldap-devel] Bug#474021: Bug#474021: Bug#474021: ldap-utils: ldapsearch should send errors to stderr

Chris Adams chris at improbable.org
Thu Apr 3 21:16:33 UTC 2008

On Apr 3, 2008, at 3:31 PM, Quanah Gibson-Mount wrote:
>> In the example I included, the server timeout error was sent to  
>> stderr if
>> the server was down (e.g. connect() gets an RST) but not in the  
>> case of a
>> timeout (the LDIF comment is all you get).
> In this case, do you mean a timeout at the *protocol* level, where  
> the search hits a timelimit set on the server side?

Yes - if the timeout is at the network level it will simply hang until  
killed unless you have tcp keepalives enabled.

Here's the offending code:

if( !ldif ) {
	printf( "result: %d %s\n", err, ldap_err2string(err) );
} else if ( err != LDAP_SUCCESS ) {
	fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err );

Basically, I'd like to change ldapsearch.c so errors are always  
reported to stderr rather than only when -L is also specified. It  
looks like most of the other error cases do this, although I did  
notice that some of the LDAP_SYNC stuff sends errors to stdout, too.

if ( err != LDAP_SUCCESS ) {
	fprintf( stderr, "Search failed: %s (%d)\n", ldap_err2string(err),  
err );

if( !ldif ) {
	printf( "result: %d %s\n", err, ldap_err2string(err) );

I've attached a patch which also changes the two other places where  
printf was used to report abnormal conditions to use frpintf(stderr  
instead of printf.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldapsearch-stderr.diff
Type: application/octet-stream
Size: 1206 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080403/6c667816/attachment.obj 
-------------- next part --------------

> Do you use nscd?

Yes but I've reproduced the problems with and without it. Basically  
either way it works reasonably well (fails in at a low multiple of the  
specified timelimit) if you have a clean failure but hangs  
indefinitely if you have something like a LDAP server which accepts  
connections but doesn't respond which is the failure mode we've  
observed in all three of our major slapd outages (#303057, #378261).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2423 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080403/6c667816/attachment.bin 

More information about the Pkg-openldap-devel mailing list